BGP Signaling for L2VPNs Overview

When you configure VPWS at a given PE router for a given L2VPN customer, BGP signals reachability for all sites that belong to that L2VPN. This signaling is identical to the signaling used for BGP/MPLS VPNs and VPLS. The network layer reachability information (NLRI) for both services are encoded in a similar manner.

A new NLRI format carries the individual VPWS information listed in Table 133. One or more of these NLRIs is carried in the MP_REACH_NLRI and MP_UNREACH_NLRI BGP attributes.

Table 133: Components of VPWS NLRI

NLRI value

Size in octets



Route Distinguisher




Label-block Offset


Label Base


Variable TLVs


The local PE router selects a contiguous label block to cover all the remote sites for a given VPWS instance. The local PE router then advertises that label block as part of the reachability information for a given CE device in a particular VPWS instance; (the NLRI contains the CE-ID (site ID) for the CE device. This label block represents the set of demultiplexers that are used to cross-connect incoming MPLS traffic to a specific local interface in the VPWS instance.

The local PE router also processes advertisements from all remote PE routers and for each local interface in an VPWS instance. The local PE router selects a demultiplexer label from a label block received from the remote PE router associated with each remote site in the VPWS instance. Traffic coming into the local interface from the CE device is cross-connected to an MPLS next hop that corresponds to the demultiplexer. Traffic is then encapsulated in MPLS and sent across the MPLS core to the remote PE router in the L2VPN.

The same address family identifier (AFI) and subsequent address family identifier (SAFI) are used in the NLRI for VPWS and VPLS.

The VPWS NLRIs must be accompanied by a route-target extended community. PE routers that receive VPN information can filter route advertisements with the route target import lists and export lists. This route filtering enables the PE routers to control CE-to-CE connectivity or full-mesh, hub-and-spoke, and overlapping VPNs as is done in L3VPNs.

A VPWS NLRI is uniquely identified by the route distinguisher, site ID (CE-ID), and the label block offset.

In addition to the site ID and label block information, BGP also signals control flags that indicate whether a control word is included in the encapsulation and whether packets have a sequence number. If a control word mismatch occurs, the pseudowire remains in a down state with a status of control word mismatch.

A control status vector is sent along with the other NLRI information. This vector carries the operational state of the local layer 2 interfaces between the PE router and CE device for a given VPWS instance. A TLV type of 1 is used currently to interoperate with Junos OS.

For information about configuring BGP/MPLS VPNs, see Configuring BGP-MPLS Applications. For information about configuring VPLS, see Configuring VPLS.

Related Documentation